BC AWARE DAY
2019 CONFERENCE

January 29, 2019 · Vancouver, BC

 
 
BCAWARE-bg-2018.jpg
 

Our BC AWARE Day 2019 CONFERENCE will be our biggest conference yet. Our theme is focused on Women in IT & security.

 
Screen Shot 2017-10-16 at 3.26.42 PM.png

LIVE STREAM BC AWARE DAY 2019

(TRACK ONE)

 
9783_152_z.jpg


LOCATION

We are excited to host the BC AWARE DAY 2019 Conference at the Pan Pacific Vancouver located conveniently in downtown Vancouver, BC.

ADDRESS: 300 – 999 Canada Place, Vancouver.

 
Screen Shot 2018-06-05 at 9.54.36 AM.png
 

2019 Speakers


 
 

2019 SCHEDULE


19BCAWARE_schedule_web.png

 

Screen Shot 2019-01-25 at 6.16.06 AM.png
 
 

THE AGENDA


7:00AM to 8:00AM

REGISTRATION & COFFEE


|


8:00AM to 8:15AM

TRACK 1 | Crystal Pavilion

ISACA.png

ISACA WELCOME MESSAGE & KICK OFF


|


8:15AM to 9:00AM

TRACK 1 | Crystal Pavilion

ISACA.png

ISACA International , Chair Rob Clyde


|


9:00AM to 9:45AM

TRACK 1 | Crystal Pavilion

 
Screen Shot 2018-12-11 at 11.39.30 AM.png
 

Passive & Active Defence
Jason Maynard, Sr. Consulting Systems Engineer(West), Cisco

Most organizations (IT/OT) are focused on building out their security posture leveraging passive defensive capabilities but in today's threat landscape this is not enough. Passive defence is a necessity but active defence takes your defensive capabilities to the next level which further enhances your passive defensive capabilities. Learn how to take the next step when it comes to defending.

Attend this session to:

  1. Understand passive defence

  2. Learn the differences between passive and active defence

  3. Review active defence in detail

  4. Leverage open source capabilities when it comes to passive and active defence


    |

    9:45AM to 10:00AM

    BREAK & VENDOR FAIR


    |

    10:00AM to 10:45AM

    TRACK 1 | Crystal Pavilion

 
static1.squarespace.jpg
 

A View From the Inside
Leita Ouellette, Director, Business Strategy, TELUS Cyber Security Solutions, TELUS

At TELUS, we see a lot of internet traffic. In protecting our national mobility and data networks with over 13 million customers, as well as our own 45,000+ employees around the globe, we see cyber threats and trends to which very few organizations are exposed. In my session, I will share some of the key Canadian cyber security trends we’ve uncovered, as well as some insights we’ve gained from protecting consumers, organizations and our employees.


|


10:00AM to 10:45AM

TRACK 2 | Oceanview Suite 5

 
19BCAWARE_Trustwave-new.jpg
 

Am I getting what I pay for? Effectively using MSSP’s to Defend Against Cyber-Threats.
Scott Stevens, Product Management, MDR and DFIR, Trustwave

The marketplace is seemingly filled with service providers touting effective defense against cyber-threats. How can you determine which is most effective and appropriate for your environment? This session highlights IT and business cyber-threat defense challenges while providing insight into emerging trends, in both Managed Security Services (MSS) and Digital Forensics & Incident Response (DFIR) consulting services, for effective risk mitigation and operational security.


|


10:00AM to 10:45AM

TRACK 3 | Oceanview Suite 6

 
19BCAWARE_NYIT.jpg
 

Applications of Artificial Intelligence in Network and Application Security.
Yasir Malik, Professor at NYIT

With the advancement in computing and communication technologies, the IT infrastructure of today enjoys exponential growth, with more users and devices becoming increasingly connected and supporting mobility. The market leaders estimate around 25 billion more devices will be added to the global network by 2020, which will add new services and traffic to the network. The complexity of network architecture and the growing threat environment makes it challenging for service providers and network administrators to efficiently manage the network resources, whilst maintaining its security. Recently, industry and academic researchers have shown keen interest in studying applications of machine learning and artificial intelligence being applied to network management. Network security management tools provide administrators the global view of numerous endpoints, firewalls and security controls. This helps administrators to analyze network security requirements, maintain, configure, automate and deploy security solutions across the network. The data produced at each node provides Intel to various network transactions. This provides an opportunity to translate this information into intelligence that can be used to mine the security related information. In addition, this information can be used to build an intelligent system with the ability to detect vulnerabilities, run security analysis, automate firewall configurations, learning new symptoms and develop predictive security controls. In this tutorial, we will highlight the potential applications of AI in network security management, discuss current trends and future research prospects along with demonstration of tools and techniques.

|


10:00AM to 10:45AM

TRACK 4 | Oceanview Suite 7

 
 

Security-by-Design for Hybrid Cloud Development
Chris Turra, Systems Engineering Manager, Cloud Infrastructure Engineering, Cisco

Most people don't realize Cisco Systems has a team in Vancouver focused on building, managing and securing the infrastructure for its cloud security portfolio-specifically, Cisco Umbrella & Cisco Cloudlock. Attend this session to learn how Cisco's 'security-by-design' approach is ensuring the alignment of its hybrid cloud infrastructure with security best-practices and the evolving needs of its customers.    

|


10:00AM to 10:45AM

Track 5 | Oceanview Suite 8

Post Secondary Networking 101
Michael Argast, Co-Founder and CEO Kobalt Security Inc. and Sky Northern Security Alliance

Tired of posting your resume to HR websites? Looking to connect in meaningful ways with other professionals to build your skills, your funnel, your personal brand?

We all have ideas as to what networking can do for you, but very few of us use the tools to their fullest extent. Which social networks should you use, and why? How do you decide who to connect with and who to build a deeper relationship with? What security events should you consider attending and how do you make the most of your time while there? Developing this skill and using it purposefully is one of the most versatile and important skill in any professional’s kit bag.

Michael will tell personal stories about how he's used networking skills to: 

  • Land new jobs

  • Gain access to new clients

  • Secure funding, gain co-founders and build a business

  • Recruit talent to his organization

  • Rapidly develop valuable skills and expertise

  • Build diversity into his professional network

  • Expand his global connections and gain access to industry leading talent

In addition to these stories, Michael will provide specific, recommended steps to build your networking skills and reputation. Student or working professionals alike will benefit from this session.


|


11:00AM to 11:45AM

TRACK 1 | Crystal Pavilion

 
splunk.png
 

Small Team, Big Results: Scaling Security Operations with SIEM and SOAR
Ale Espinosa, Sr. Director, Product Marketing Security, Splunk

The volume and complexities of today’s security incidents can tax even the largest security teams. This leaves big gaps in incident detection and response workflows that can put organizations at great risk. Your team can’t scale to address every incident, so which ones should you focus on and which ones should you ignore? You shouldn’t be forced to make a choice. 

 In this session, find out how SIEM and SOAR technologies deliver security analytics, machine learning, and automation capabilities to increase the efficiency of security teams and reduce the enterprise’s exposure to risk. Learn how they can help even small teams achieve big results from intelligently streamlined incident detection and response workflows—accelerating your actions, scaling your resources, and optimizing your security operations.


|


11:00AM to 11:45AM

TRACK 2 | Oceanview Suite 5

 
Fortinet_Logo-web.jpg
 

Soaring Global Cyber-Gotchas – Dissecting the Ever-Expanding Threat Landscape
Jeannette Jarvis, Director of Product Marketing, Fortinet

Today nearly every aspect of our society depends on the Global digital infrastructure. This increasing reliance means that cyber-attacks can be hugely disruptive. Bad actors are constantly evolving techniques and tactics to stay under cover. They are persistent. With all the noise from alerts, it can be hard to identify and prioritize incidents. Determining what is meaningful or not, where to prioritize your energy or not isn't easy. In this presentation I will discuss the state of the evolving threat landscape and provide specific data that will help you prioritize your time and resources. What with the 100 billion security events we analyze per day, representing assets from the endpoint to the cloud, I will show you our unique perspective on the threat world.


|


11:00AM to 11:45AM

TRACK 3 | Oceanview Suite 6

 
 

Ignite Your Third Party Governance
Suzanne Grauer, Sr Manager Archer Sales Engineering, RSA

The number and significance of third party relationships continues to grow for organizations across all industries and geographies. When an organization falters in some way, the root cause of the problem is often linked to a third-party relationship. Unfortunately, many organizations that are hit by third party problems didn’t see them coming and had no chance to steer clear. 

In this session, we will explore proven methods to quickly get your third party governance program off the ground. 

You will learn:

  • Common sources of third party problems

  • Key elements of a third party governance program

  • Things to watch out for when starting a program

  • How to mature your governance program


    |

    11:00AM to 11:45AM

    TRACK 4 | Oceanview Suite 7

    Raising the Water Level for Security in BC

    Gary Perkins, CISO Province of BC

     

    Cybersecurity has never been as imperative as it is today. No organization globally is immune to attack. Organizations will be judged not only on their ability to prevent but to detect and respond. It is more critical than ever to have a well-established information security program that guides investment of finite resources and helps ensure risk is mitigated to an acceptable level.  To assist organizations in understanding where to invest these finite resources, the Province of British Columbia has developed Defensible Security for Public Sector Organizations.  The Province is committed to “raising the water level” of security in BC and is helping organizations understand how to go about tackling this challenging problem and better guard their networks, systems, and data from cyber criminals.

|


11:00AM to 11:45AM

TRACK 5 | Oceanview Suite 8

MARS.png

Technical Talk Track c/o MARS: Be a Champion! Reduce Compliance Costs by Adopting Cloud Services.
Sandy Buchanan, Senior Security Consultant, Mirai Security

 Ready or not, cloud is here, and people in your organization are actively exploring either full or partial adoption of its many benefits. In many companies, there is a fear that adopting cloud computing will result in a loss of control, let alone concerns of navigating the compliance requirements of a new environment.

Today’s cloud providers offer a vast complement of services and technologies to help businesses address their compliance needs and reduce associated costs. From granular security controls to measuring policy effectiveness and continuous auditing, the cloud affords businesses clear advantages in setting up and maintaining environments that meet their compliance requirements.

This talk will present a proven approach for maintaining compliance when transitioning to the cloud while increasing the effectiveness of the compliance team.

|


11:45 AM to 12:45 PM

LUNCH & VENDOR FAIR


|


12:45 PM to 1:30 PM


TRACK 1
| Crystal Pavilion

 
SHELEADS.png
 
 
palo alto.png
 

Why Data Analytics and Automation Programs Need to Be Part of an Organizations Security Operations Model.
Ron Dodge, Senior Director, Information Security Engineering, Palo Alto Networks

Security Automation, when done properly, can greatly improve efficiency and enable security professionals to address more complex security functions.  But what does “done properly” mean.  How many controls can be automated, based on security standards such as ISO 27001 and NIST SP800-53.  What do you choose to automate?   How do you measure the impact of your automation efforts?  In this session, we will discuss what it takes for security automation to succeed and highlight how many organizations approach this effort

|


1:45 PM to 2:30 PM

TRACK 2 | Oceanview Suite 5

 
Radware_BCAWARE.jpg
 

Targeting the Hidden Attack Surface of Automation
Carl Herberger, V.P. Security Solutions, Product Marketing, RADWARE

Every day, we hear about Artificial Intelligence (AI) invading more and more of everything around us. Within Information Security, we cannot get around new algorithms, new machine learning techniques and a rush to automate everything. However, have these new technologies paradoxically ushered in a completely new world of vulnerabilities? Radware explores a fascinating topic of how everything from APIs, to people are being attacked in a new hidden attack surface which has uniqueness to cloak and anonymize its designers and has incredible speed and efficiency in its attack types. In fact, this presentation will highlight how each step towards deeper and total connectivity comes with it consequences of protecting the very automation which is designed to make our world easy. In this session, you will take away the notion of how everything from humans to bots have weak undersides to automation and even AI interfaces can be duped into attacks.


|


1:45 PM to 2:30 PM

TRACK 3 | Oceanview Suite 6

scalar.png

Cloud Security: Where to start and why?
Simon Wong, Security Specialist, Scalar Decisions

In this presentation, Simon Wong will share his observations of the BC market approach to Cloud Security – what has worked and what hasn’t. He will explore some of the major solution domains that are marketed under the domain of “Cloud Security”, and where they might fit within your organization. Lastly, he’ll provide a recommended path for any organization taking a risk-based approach to securing cloud-based information and systems.


|


1:45 PM to 2:30 PM

TRACK 4 | Oceanview Suite 7

Technical Talk Track c/o MARS: To Patch Or Not To Patch
Julius Musseau, CTO, Mergebase

The Equifax Struts disaster happened because someone failed to patch. But the recent Event-Stream NPM bug came from an attacker carefully abusing NPM's built-in auto-patch mechanism. In this AppSec talk I'll cover the historical cause of these patching problems. I'll conclude with some risk-balanced patching approaches I've seen employed by a handful of projects that I think show us the way forward for AppSec patching.

Attend this session to:

1. Learn about key critical moments in software engineering history where small decisions around versioning have created significant headaches for patching in the present day.

2. Learn the security and stability tradeoffs of always-patch vs. never-patch vs. balanced strategies.

3. Learn some tricks and tools for auditing your suppliers to see how well they are patching!


|


1:45 PM to 2:30 PM

TRACK 5 | Oceanview Suite 8

Post Secondary: Career Panel
Jo-Ann Smith, Director, Information Security, Vancity


|


2:30PM to 2:45 PM

BREAK & VENDOR FAIR


|


2:45PM to 3:30 PM

TRACK 1 | Crystal Pavilion

checkpoint_web.jpg

My CEO told me we have to move our datacenter to the public cloud...
So, what’s the big deal?

Grant Asplund, Principal Evangelist, Check Point / Dome9

In this session, we will discuss why today’s IT organizations require mature and complete native tools—built in the cloud for the cloud which provides:

  • Complete visibility

  • Configuration management - Identity protection

  • Secure DevOps

  • Compliance Automation

  • Governance Enforcement

  • Environment Lockdown

    We will discuss the subtle yet profound differences in operating your datacenter in the public cloud vs operating your own datacenter. We will discuss the ’Shared Responsibility Model’ and what it really means to you and your IT department as you expand the number of workloads you move to the public cloud. And, as your sophistication increases, and you expand your use of PaaS and IaaS, the complexities follow in tandem. We will show how today’s IT organizations require new, purpose-built tools designed and capable of ’speaking the same language’ as the public cloud infrastructures and built to leverage the extensive API’s they provide. We hope you’ll join us!


|


2:45PM to 3:30 PM

TRACK 2 | Oceanview Suite 5

 
19BCAWARE_ChangeChampion.jpg
 

How to Build a Culture of Cybersecurity Awareness
Agustin Del Vento, MSC, ACC, Director, Change Champions Consulting

Are you looking to turn your employees into your strongest security asset? Curious what some of Canada's leading organizations are doing to drive cybersecurity awareness? Join us in this interactive session hosted by Change Champions Consulting—experts in security awareness and digital transformations.

You’ll learn best practices for running effective security awareness programs as well as essential steps to get one started at your organization. Then, we will share the real-world perspectives and experiences of tackling cybersecurity awareness at BC’s most prestigious organizations, with a panel discussion featuring:

-Suzie Smibert, Global Director Enterprise Architecture & CISO, Finning International

-Kelly Gilchrist, VP information Technology, Interfor

-Stuart Bestbier, VP Enterprise Architecture, QuadReal Property Group 

 About Change Champions Consulting 

Change Champions is a Vancouver-based change management consulting firm that addresses the ‘human’ element of digital transformation. In the cybersecurity space, we partner with organizations to maximize their IT security investments by turning employees into their strongest security assets. Our award-winning programs are used by some of Canada’s leading organizations and consistently drive tangible and sustainable results in cybersecurity. 

|

2:45PM to 3:30 PM

TRACK 3 | Oceanview Suite 6

rubrik.png

Ransomware: Prevent, Detect, and Mitigate or Pay Up!
Rebecca Fitzhugh, Principel Technologist, Rubrik

The term ransomware and the attack stories released weekly are reading more like a sequel. For some, this may be a bad dream. For others, they sleep like babies knowing their data is secure. New variants and new attack tactics arise almost daily in this sophisticated landscape of malware. Did you know ransomware penetrates a corporate firewall every 40 seconds? Have you ever heard of Ransomware-as-a-Service? If you answered "no" to one of these questions, then you need to arm yourself by peering through the ransomware looking glass.

Join this session, led by Rubrik’s Leah Schoeb (Master Technologist), to learn more:

  • Threat: Concerns that IT departments are facing. We’ll stay away from FUD, but life is sometimes scary.

  • Theory: Nowadays, everyone has backups. So why are people still paying ransoms? (Clue: Complexity)

  • Solutions: Yes, you can go beyond your current security perimeter when hit by ransomware. We’ll explore what you can do in this event and how Rubrik can help along with other unexpected benefits.


|


2:45PM to 3:30 PM

TRACK 4 | Oceanview Suite 7

 
logo-dimension-data-gold-sponsor-1.jpg
19BCAWARE_NTT+Security.jpg
 

Global Threat Intelligence: Understanding the challenges and sharing fundamental principles for your cybersecurity plans
Istvan Berko, Americas Cybersecurity Solution Lead, Dimension Data and Danika Blessman, Senior Threat Intelligence Leader, NTT Security

The threat landscape is dominated by email phishing threats, exploitable vulnerabilities, and insider actions. Attackers are using macros, scripts, and social engineering methods, finding unpatched vulnerabilities, and compromising access credentials. Joint Dimension Data to discuss the global cybersecurity threat, vulnerabilities in today’s industries, and how to establish cyber-resilience and agility for today and tomorrow. FREE copy of the Executive Global Threat Intelligence Report (2018 edition) will be available.


|


3:45 PM to 4:30 PM

TRACK 1 | Crystal Pavilion

Privacy in the Time of Digital Disruption
Michael McEvoy, BC Information and Privacy Commissioner

In this presentation, BC’s Information and Privacy Commissioner Michael McEvoy will share his perspectives about privacy protection in our current digital landscape. He will discuss his experiences during his secondment to the UK’s Information Commissioner’s Office, where he was an integral part of that office’s Cambridge Analytica investigation, as well as highlight recent work of the Office of the Information and Privacy Commissioner. Commissioner McEvoy will also provide audience members with practical ways to do “PrivacyRight” inside their own organizations.

|

3:45 PM to 4:30 PM

TRACK 2 | Oceanview Suite 5

tenable.png

Building a Secure Foundation for Converged IT/OT Systems 
Ted Gary, Sr. Product Marketing Manager, Tenable Network Security

The attack surface for industrial control systems (ICS) is a far cry from the past. Once limited to ICS devices running on an isolated OT network, it now includes IT devices on OT networks and OT networks interconnected with IT networks. The result: many organizations lack adequate security controls and are not sure what initial steps will deliver the most value.

The session will summarize highlights from control adoption research jointly sponsored by Tenable and the Center for Internet Security, including a discussion of the six information security controls designated by the Center for Internet Security as Basic Controls -- the things that you must do to create a strong foundation for your success.

 The six basic controls are:

  1. Inventory of authorized and unauthorized devices

  2. Inventory of authorized and unauthorized software

  3. Continuous vulnerability management

  4. Controlled use of administrative privileges.

  5. Secure configurations for hardware and software

  6. Maintenance, monitoring and analysis of audit logs

Each control’s related sub-controls will be discussed, along with the benefits of adoption . Additionally, considerations for applying the controls to ICS will be highlighted. These considerations will be taken from CIS’ recent publication, “CIS Controls: Implementation Guide for Industrial Control Systems,” to which the presenter was a contributor.

In this session you will gain an understanding of the:

●      State of foundational security control adoption

●      Most important control to implement first and why

●      Considerations for applying foundational controls in OT environments

|


3:45 PM to 4:30 PM

TRACK 3 | Oceanview Suite 6

19BCAWARE_TrendMicro.jpg

Outsmarting Email Hackers Using AI and Machine Learning
Krista Laplante-Gaul, Sales Engineer, Trend Micro

Email hacking is a commonly used malicious tactic in our increasingly connected world. Cybercriminals compromise email accounts to enter the IT premises of an organization and carry out attacks ranging from fraud and spying to information and identity theft. Without effective security measures to stop email hacks, potential victims can suffer serious consequences.


|


3:45 PM to 4:30 PM

TRACK 4 | Oceanview Suite 7

The Importance of Having Artificial Intelligence (AI) and Machine Learning to Protect Your Organization.
Serge Bertini, Vice President and Country Manager, Canada, CrowdStrike

Understand how Machine Learning and Artificial Intelligence (AI) can work together, and why they offer better protection against the sophisticated attacks that bypass standard security measures. During this session you will learn how AI can help provide instant visibility and protection across the enterprise. See how leveraging advanced threat intel and machine learning will increase your ability to detect attacks, allowing for faster time to remediation.


|


4:30 PM to 5:30 PM

Track 1 | Crystal Pavilion

Hitachi Wrap Up Reception, Award Ceremony & Prize Draw

 
 
Screen Shot 2019-01-25 at 6.16.37 AM.png
 
BC+Aware+Awards+-+LinkedIn+Graphic.png

FIRST ANNUAL BC AWARE EXCELLENCE IN CYBERSECURITY AWARDS

ISACA Vancouver and its BC AWARE affiliates are launching the First Annual BC AWARE Excellence in Cybersecurity Awards. It is time to celebrate the excellent work security professionals are doing in the Province of BC! These prestigious awards will be presented to the winners on Tuesday January 29, 2019 at BC AWARE Day.

 
Screen Shot 2018-11-06 at 4.49.00 PM.png
 

Upcoming Events 

 


Thank you to our sponsors


TITLE

 
 

PLATINUM SPONSORS


GOLD SPONSORS


SECTOR DAY SPONSORS


START UP SPONSOR


COMMUNITY SPONSORS

 
Screen Shot 2019-01-25 at 6.16.37 AM.png